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REMARKS 

Claims 1-59 are pending and stand rejected. Claims 1, 5, 6-8, 12-16, 21, 25-28, 
32, 38-40, 43, 44, 48, 49, 54, and 59 have been amended. 

Cuutvi Rejections -35 USC § 102; The Examiner rejected Claims 1-5 and 21-30 
as being anticipated by USPN 6,453,353 issued to Win. To properly support a § 102 
rejection, the cited reference must teach or suggest the combination of elements as set 
forth in required in a rejected claim. 

Win describes a system in which a user can gain access to authorized web 
based resources based on the user's role in an organization. See, e.g., Win Abstract 
Win's system includes an Access server (106) and a registry server (108) that help 
regulate to a protected resource (208), See Win, Fig. 4 (reproduced below). 
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The following summary is taken from Win, col. 4, line 33 through col. 6, line 65. 
To access a protected resource (208) via browser (1 00), the user is first presented with 
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a login page. Win's authentication client (414) verifies credentials entered through the 
page and reads the user's "roles" from the registry server (108). Authentication client 
(414) then encrypts and sends this data as a cookie to browser (1 00). Once the user is 
authenticated, access menu (412) returns a menu personalized according to the user's 
roles. That menu provides access to one or more protected resources. Browser (100) 
is required to supply the cookie to enable the user to access any of those resources. 

Claim 1 is directed to a method for providing a first network resource operating 
on a first network device access to a second network resource operating on a second 
network device. Claim 1 recites the following acts: 

1. from a third network device, locating a profile using profile data obtained from a 
client device, the profile containing data for identifying and for accessing the 
second network resource; 

2. from the third network device, supplying the profile to the second network 
resource; 

3. from the third network device, receiving, from the second network resource, 
temporary credentials for accessing the second network resource and generated 
according to the profile; and 

4. from the third network device, providing the first network resource with the 
temporary credentials so that the first network resource can provide the second 
network resource with the temporary credentials to access and interact with the 
second network resource on behalf of the client device. 

Contrary to Claim 1 , Win simply describes a system for providing a user of a 
browser (100) access to a protected resource (208). Win does not describe a system 
that allows a first network resource to access a second network resource where those 
network resources are operating on different network devices. Simply stated, Win does 
not teach or suggest providing, from a third network device, the first network resource 
(operating on a first network device) with the temporary credentials so that the first 
network resource can provide the second network (operating on a second network 
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device) resource with the temporary credentials to access and interact with the second 
network resource on behalf of the client device. 

In the context of Win, Fig. 4, Win does not teach or suggest that a network 
resource (operating on one network device) provide temporary credentials to access 
protected network resource (208) (operating on another network device) on behalf of a 
client device. To the contrary, Win only teaches that browser (100) supply temporary 
credentials in the form of a cookie to allow a user of browser (100) access to protected 
resource (208). 

For at [east these reasons, Claim 1 is patentable over Win as are Claims 2-5 due 
at least in part to their dependence from Claim 1. 

Claim 21 is directed to a computer readable medium having instructions for 
implementing the method steps similar to those of Claim 1. For the same reasons 
Claim 1 is patentable, so are Claim 21 and Claims 22-25 which depend from claim 21. 

Claim 26 is directed is directed to a computer readable medium having 
instructions for 

1. from a first network device, instructing a client device to provide profile data to an 
identification service operating on a third network device, the identification 
service having access to one or more profiles used to access one or more data 
services, the profile data identifying a particular profile; 

2. from the third network device, locating the particular profile using the profile data 
obtained from the client device, the profile containing data for identifying and for 
accessing a data service operating on a second network device; 

3. from the second network device, generating temporary credentials for accessing 
the data service identified by the particular profile; and 

4. from the first network device, providing the data service with the temporary 
credentials to access and interact with the data service on behalf of the client 
device, 
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For the same reasons discussed above with respect to Fig. 1 , Win does not 
teach providing, from the first network device, a data service (operating on a second 
network device) with the temporary credentials to access the data service on behalf of a 
client device. In the context of Win, Fig. 4, Win only teaches that browser (1 00) supply 
temporary credentials in the form of a cookie to allow a user of browser (100) access to 
protected resource (208). 

For at least these reasons, Claim 26 is patentable over Win as are Clams 27-31 
due at least in part to their dependence from Claim 26. 

Claim Rejections -35 USC § 103: The Examiner rejected Claims 6-12, 14-19, 
32-42, 44-51, 54-56, 58, and 59 as being unpatentable over Win in view of US Pub. 
2003/0061275 to Brown. 

Claim 6 is directed to method for enabling an application server to access a data 
service, the application server operating on a first network device and the data service 
operating on a second network device, and recites the following acts: 

1. the application server instructing a client device to provide profile data to an 
identification service operating on a third network device, the identification 
service having access to one or more profiles used to access one or more data 
services including the data service operating on the second network device, the 
profile data identifying a particular profile; 

2. the identification service locating the particular profile using the profile data 
received from the client device, the profile containing data for identifying and for 
accessing the data service; 

3. the identification service providing the profile to the data service; 

4. the data service generating temporary credentials for accessing the data service 
identified by the particular profile; and 
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5. the application server obtaining the temporary credentials and providing the data 
service with the temporary credentials to access and interact with the data 
service on behalf of the client device. 

The Examiner admits that Win does not teach "that the application server obtains 
the temporary credentials and providing the data service with the temporary credentials 
to access the data service on behalf of the client" For this, the Examiner relies on 
Brown. Brown simply describes a proxy machine (16) capable of stripping "set cookie" 
commands being returned in message headers to a client device (10) from a web 
content server (14). The proxy machine (16) stores the cookie in a storage (24) so that 
the client device (10) does not have to. The proxy machine (16) also functions to add 
cookies to message headers being sent from the client device (10) to the web content 
server (14). 
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In the spirit of Claim 1, Claim 6 recites an application server (operating on a first 
network device) that obtains temporary credentials and provides a data service 
(operating on a second network device) with the temporary credentials to access and 
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interact with the data service on behalf of a client device. Those temporary credentials 
are generated by the data service according to a profile located by an identification 
service that operates on a third network device. The identification service locates the 
profile using profile data provided by the client device. This is neither taught nor 
suggested by the combined teachings of Win and Brown. 

For at least these reasons, Claim 6 is patentable over Win and Brown, as are 
Claims 7-13 which depend from Claim 6. 

Claim 14 is directed to a method for enabling an application server to access a 
data service, the application server operating on a first network device and the data 
service operating on a second network device, and recites the following acts: 

1. the application server receiving, from a client device, a request to direct an 
application; 

2. the application server instructing the client device to provide profile data to an 
identification service operating on a third network device, the identification 
service having access to one or more profiles for identifying and accessing one 
or more data services, the profile data identifying a particular profile; 

3. the identification sen/ice providing the data service with the particular profile 
identified by the profile data, the profile containing data for identifying and 
accessing the data service; 

4. the data service using the profile to generate temporary credentials for accessing 
the data service; and 

5. the application server providing the data service with the temporary credentials to 
access and interact with the data service on behalf of the client device. 

In the spirit of Claim 6, Claim 14 recites application server (operating on a first 
network device) that provides a data service (operating on a second network device) 
with the temporary credentials to access and interact with the data service on behalf of 
a client device. Those temporary credentials are generated by the data service 
according to a profile located by an identification service that operates on a third 
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network device. The identification service locates the profile using profile data provided 
by the client device. As with Claim 6 t this is neither taught nor suggested by the 
combined teachings of Win and Brown. 

For at least this reason Claim 14 is patentable over Win and Brown as are 
Claims 15-20 which depend from Claim 14. 

Claim 32 is directed to a computer readable medium having instructions for: 

1. from a third network device, generating an interface having user accessible 
controls for creating a profile for accessing a data service operating on a second 
network device; 

2. from the third network device, creating a profile according to selections made 
through the interface the profile containing data for identifying and accessing the 
data service; 

3. from the third network device, providing a client device with profile data 
identifying a created profile; 

4. upon receiving profile data, retrieving a profile identified by the profile data 
received; 

5. generating temporary credentials for accessing the data service identified by the 
retrieved profile; and 

6. providing an application server operating on a first network device with the 
temporary credentials for accessing and interacting with the data service on 
behalf of the client device. 

In the spirit of Claim 6, Claim 32 recites providing an application server 
(operating on a first network device) with temporary credentials for accessing and 
interacting with a data service (operating on a second network device) on behalf of a 
client device. Those temporary credentials are generated according to a profile 
retrieved using profile data. As with Claim 6, this is neither taught nor suggested by the 
combined teachings of Win and Brown. 
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For at least these reasons Claim 32 is patentable over Win and Brown as are 
Claims 33-37 which depend from Claim 32. 

Claim 38 is directed to a computer readable medium having instructions for: 

1 generating, at a third network device, a profile interface having user accessible 
controls for creating a profile for locating and accessing a data service operating 
on a second network device; 

2. from the third network device, creating a profile according to selections made 
through the profile interface, the profile containing data for identifying and 
accessing the data service; 

3. from the third network device, providing a client device with profile data 
identifying a created profile; 

4. receiving, at a first network device, a request to access an application; 

5. from the first network device, instructing a client device to send profile data; 
6* receiving the profile data at the third network device; 

7. from the third network device, retrieving a profile identified by the profile data; 

8. generating, at the second network device, temporary credentials for accessing a 
data service identified by the retrieved profile; and 

9. from the first network device, providing the data service with the temporary 
credentials to access and interact with the data service on behalf of the client 
device. 

In the spirit of Claim 6, Claim 38 recites providing, from a first network device, a 
data service with the temporary credentials to access and interact with the data service 
(operating on a second network device) on behalf of a client device. Those temporary 
credentials are generated at the second network device according to a profile retrieved 
using profile data. The profile is retrieved at a third network device using profile data 
sent by the client device under instruction from the third network device. As with Claim 
6, this is neither taught nor suggested by the combined teachings of Win and Brown. 
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For at least these reasons Claim 38 is patentable over Win and Brown as are 
Claims 39-43 which depend from Claim 38. 

Claim 44 is directed to a system for providing a first network resource operating 
on a first network device with access to a second network resource operating on a 
second network device and recites the following elements: 

1. an identification service operating on a third network device, the identification 
service in network communication with a credential module, 

2. the credential module operating on the second network device and operable to 
use a profile acquired by the identification service to generate temporary 
credentials for accessing the second network resource; 

3. the identification service being operable to receive profile data from a client 
device, to acquire a profile identified by the profile data; 

4. the credential module and the identification service, together being operable to 
provide the first network resource with the temporary credentials enabling the 
first network resource to provide the second network resource with the temporary 
credentials to access and interact with the second network resource on behalf of 
the client device. 

Similar to the previous Claims, Claim 44 recites a credential module (operating 
on a second network device) and an identification service (operating on a third network 
device) that together can provide a first network resource (operating on a first network 
device) with the temporary credentials enabling the first network resource to provide a 
second network resource (operating on the second network device) with the temporary 
credentials to access and interact with the second network resource on behalf of a 
client. This is neither taught nor suggested by the combined teachings of Win and 
Brown. 

For at least this reason Claim 44 is patentable over Win and Brown as are 
Claims 45-48 which depend from Claim 44. 

S/7V: 10/085,971 

23 Case; 10013820-1 

Response to Office Action 



PAGE 27/31 * RCVD AT 10120/2005 5:06:32 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/25 * DN1S:2738300 * CSID:208 433 9295 * DURATION (mm-ss):07-22 



OGT-20-2005CTHU) 15:10 Ormiston & McKinney 



(FAX)208 433 9295 



P. 028/031 



Claim 49 is directed to a system for accessing a data service operating on a 
second network device and recites the following elements: 

1. an identification service, operating on a third network device, operable to receive 
profile data from a client device identifying a particular profile and to provide that 
profile, the profile to contain electronic data used to identify the data sen/ice; 

2. a credential module, operating on the second network device, operable to obtain 
the profile from the identification service, generate temporary credentials, and 
map those credentials to the data service identified by the profile; and 

3. an application server, operating on a first network device, operable to serve an 
Interface containing instructions to send profile data to the identification service, 
to obtain the temporary credentials, and to provide the data service with the 
temporary credentials to access and interact with the data service on behalf of 
the client device. 

Win and Brown do not teach or suggest an identification service, a credential 
module, and an application server where each of those elements operates on a 
different network device in the manner recited. For at least this reason Claim 49 is 
patentable over Win and Brawn as are Claims 50-53 which depend from Claim 49. 

Claim 54 is directed to a system for accessing a data service operating on a 
second network device and recites the following elements: 

1. an identification service operating on a third network device and operable to 
generate a profile interface having user accessible controls for creating a profile 
containing electronic data used to identify the data service, to create a profile 
using selections made through the profile interface, to issue instructions to store 
profile data used to access the created profile, to receive, from a client device, 
profile data identifying a particular profile, and to provide that profile; 
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2. a credential module operable to obtain the profile from the identification service, 
generate temporary credentials, and map those credentials to the data service 
identified by the profile; and 

3. an application server operating on a first network device and operable to serve 
an application interface that includes instructions to send profile data to the 
identification service, to obtain the temporary credentials, and to provide the data 
service with the temporary credentials to access and interact with the data 
service on behalf of the client device. 

Win and Brown do not teach or suggest an identification sen/ice, a credential 
module, and an application server where each operates on a different network device in 
the manner recited. For at least this reason Claim 54 is patentable over Win and Brown 
as are Claims 55-58 which depend from Claim 54. 



Claim 59 is directed to a system for accessing data and recites the following 
elements: 



1. a means for generating a profile interface having user accessible controls for 
creating a profile containing electronic data used to identify a particular data 
service operating on a second network device; 

2. a means for creating a profile using selections made through the profile 
interface; 

3. a means for issuing instructions to store profile data used to access the created 
profile; 

4. a means for receiving, from a client device, profile data identifying a particular 
profile; 

5. a means for providing the particular profile; 

6. a means for generating temporary credentials; 

7. a means for mapping the temporary credentials to the data service identified by 
the provided profile; 
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8. a means for serving an application interface that includes instructions to send 
profile data to an identification service operating on a third network device; 

9. a means for providing, from a first network device, the data service with the 
temporary credentials to access and interact with the data service on behalf of 
the client device^ and 

10. a means for invalidating the temporary credentials 

Win and Brown fail to teach or suggest a system that utilizes three different 
network devices and a client device in the manner recited by Claim 59. For at least this 
reason Claim 59 is patentable over Win and Brown, 

Claim Rejections -35 USC §103: The Examiner rejected Claims 13, 20, 31, 
43, 52, 53, and 57 as being unpatentable over Win in view of a publication authored by 
Curtin. 

• Claim 13 depends from Claim 6 and includes all the limitations of that base 
Claim. For at least the same reasons Claim 6 is patentable, so is Claim 13* 

• Claim 20 depends from Claim 14 and includes all the limitations of that base 
Claim. For at least the same reasons Claim 14 is patentable, so is Claim 20. 

■ Claim 31 depends from Claim 26 and includes all the limitations of that base 
Claim. For at least the same reasons Claim 26 is patentable, so is Claim 31. 

• Claim 43 depends from Claim 38 and includes all the limitations of that base 
Claim. For at least the same reasons Claim 38 is patentable, so is Claim 43. 

• Claims 52 and 53 depend from Claim 51 and include all the limitations of that 
base Claim. For at least the same reasons Claim 51 is patentable, so are 
Claims 52 and 53. 

• Claim 57 depends from Claim 54 and includes all the limitations of that base 
Claim. For at least the same reasons Claim 54 is patentable, so is Claim 57. 
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Conclusion: The foregoing is believed to be a complete response to the 
outstanding Office Action, Claims 1-59 are felt to be in condition for allowance. 
Consequently, early and favorable action allowing these claims and passing the 
application to issue is earnestly solicited . The foregoing is believed to be a complete 
response to the outstanding Office Action. 



Respectfully submitted, 
Gregory Eugene Perkins 
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